User Contributed Notes 12 notes

Following method do not show the URL in user browser (as the author claimed) if the code resides in the source page of FRAME or IFRAME (say SRC="sourcepage.php") . In that case the URL of the SOURCE page is displayed.

/*May be this is obvious but helps me since I found it: If I want to append a variable to the url and pass it to the same page. ( in this example I'm using action=email to include an email form on the user click) i do:*/

Note that $_SERVER["HTTP_REFERER"] may not include GET data that was included in the referring address, depending on the browser. So if you rely on GET variables to generate a page, it's not a good idea to use HTTP_REFERER to smoothly "bounce" someone back to the page he/she came from.

Note also that the URL shown in $HTTP_REFERER is not always the URL of the web page where the user clicked to invoke the PHP script.
This may instead be a document of your own web site, which contains an HTML element whose one attribute references the script. Note also that the current page fragment (#anchor) may be transmitted or not with the URL, depending on the browser.
Examples:
<FRAME src="your-page-script.php"8>
<IMAGE src="your-image-script.php">

In such case, browsers should transmit the URL of the container document, but some still persist in using the previous document in the browser history, and this could cause a different $HTTP_REFERER value be sent when the user comes back to the document referencing your script. If you wanna be sure that the actual current document or previous document in the history is sent, use client-side JavaScript to send it to your script:

And then check the value of $js in your page script to generate appropriate content when the remote user agent does not support client-side scripts (such as most index/scan robots, some old or special simplified browsers, or browsers with JavaScript disabled by their users).

When using a multiple select on a form, I ran into a little issue of only receiving the last value form the select box.I had a select box named organization_id with two values (92 and 93).To get the values of both, I had to use the following:

Warning: when the PHP engine runs for your hosted web site, it may execute on a domain name which is completely different than the one the user requested in its browser. Many free web hosting site use proxies and/or multiple DNS entries for your hosted web site. This means that:
- the IP of the web server can change if multiple DNS entries are present (there may be several web servers running concurrently)
- reverse DNS name from the IP may give different domain name over time, or if the domain name is a CNAME only for a virtual web server hosting many domains
- the server running PHP may be different than the web server
- the web server may be hidden behind a proxy which balances the load between a farm of servers
- the queried host name in the HTTP headers may be different than the queried host name in the browser, if behind a redirecting proxy
- the actual path name of the ressource may be also different, with additional path elements: this is very common on free hosting servers, where you get a virtual CNAME domain, which gets translated by a proxy into an actual web server, and a domain-specific document root directory

So when thinking about using absolute path names you can retreive from PHP, beware that this may not be accurate to insert as absolute URL's in the HTML code built with PHP.

The best solution is then to ALWAYS USE relative URLs to reference documents and form scripts on your local server !

This applies to $PHP_SELF too, because it's an absolute pathname: don't use it directly but you can safely use basename($PHP_SELF) to reference your script within HTML forms:

Note on the above: the point is that is that using $_SERVER['QUERY_STRING'] along with $PHP_SELF we will have passed whatever variables are already appended (as they might be needed for database queries)